WordPress 2.9’s embeds feature is pretty handy if I may say so myself (I wrote it). However for security purposes, discovery is disabled. This plugin enables it for users with the
unfiltered_html capability (Administrators and Editors by default).
What is oEmbed discovery?
Website owners can add a bit of HTML to their head that says where their oEmbed provider is located. This allows consumers such as WordPress to embed things from their website without WordPress specifically knowing about their website before hand.
However this is disabled in WordPress by default to prevent someone (either on purpose or by accident) from embedding content from a malicious website.
So oEmbed discovery is bad?
No, it’s just powerful and has risks. Whatever HTML the remote website provides is used directly. Normally that’s fine, but they could also provide HTML that is bad for you and your visitors. So it’s best if you know what you’re doing which is why it’s disabled in WordPress by default.
- Download from WordPress.org (7,472 downloads)